14 matches found
CVE-2019-15469
The Xiaomi Mi Pad 4 Android device with a build fingerprint of Xiaomi/clover/clover:8.1.0/OPM1.171019.019/V9.6.26.0.ODJCNFD:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=27, versionName=8.1.0 that allows other pre-installed...
CVE-2019-15463
The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other...
CVE-2019-15446
The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXU3ESAC:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed apps to...
Code injection
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=7, versionName=7.0.5 that allows unauthorized dynamic code...
Code injection
The Samsung j7popeltemtr Android device with a build fingerprint of samsung/j7popeltemtr/j7popeltemtr:8.1.0/M1AJQ/J727T1UVS5BSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other...
Code injection
The Asus ZenFone Live Android device with a build fingerprint of asus/WWPhone/ASUSX00LD3:7.1.1/NMF26F/14.0400.1806.203-20180720:user/release-keys contains a pre-installed app with a package name of com.asus.atd.smmitest app versionCode=1, versionName=1 that allows unauthorized wireless settings...
CVE-2019-15462
The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed ap...
CVE-2019-15430
The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/BlubooD2Pro/BlubooD2Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app versionCode=2, versionName=2.0.0VER32516508295515 that allows other pre-installed apps to...
CVE-2019-15418
The CVE-2019-15418 entry concerns the ASUS_X00K_1 device running Android 7.0 with a pre-installed app (package com.lovelyfont.defcontainer, versionCode 5, versionName 5.0.1) that enables unauthorized command execution via a confused deputy attack. Affected component is the defcontainer app on the...
CVE-2019-15412
The CVE-2019-15412 entry concerns the Asus ZenFone 4 Selfie. A pre-installed component, com.asus.loguploaderproxy (versionCode 1570000020, versionName 7.0.0.4_170901) exposes an accessible app component that can be used by other pre-installed apps to perform command execution. This capability is ...
CVE-2019-15385
The CVE-2019-15385 issue affects the Infinix Note 5 running Android, where a pre-installed app (package com.mediatek.wfo.impl, versionCode 27, versionName 8.1.0) exposes an exported interface that allows any co-located app to modify a system property without proper authorization. This is tied to ...
CVE-2019-15354
The CVE-2019-15354 entry concerns the Ulefone Armor 5 Android device. A pre-installed app (package com.mediatek.wfo.impl, v8.1.0) exposes an interface that allows any co-located app to modify a system property without proper authorization. This constitutes a local-impact, integrity-related vulner...
CVE-2019-15335
The CVE-2019-15335 entry concerns Lava Z92 Android devices where a pre-installed app (com.android.lava.powersave, versionCode 400, versionName v4.0.27) exposes an interface that lets any co-located app disable/enable Wi‑Fi without the necessary access permission. This is due to an exported interf...
CVE-2018-15007
The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069trxl601sky/x6069trxl601sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package name of com.fw.upgrade.sysoper versionCode=238, versionName=2.3.8 that contains an exported broadcast...